Komp rodzinny - tu się wszystko może zdarzyć :P

ďťż




	chomiki Awaria dolotu - może spowodować poważne uszkodzenia? na jakich maksymalnie obrotach może kręcić 1.9d czy ktos moze wie jak zaprogramowac pilota do centrala??? [`][`][`] - nie chcieliście Goszczowi to może OFIAROM GÓR !? moze ktos sprawdzic mi log?prosze Losowe zwiechy - co jeszcze może to powodować? dziwne rzezenie w okolicy rozrzadu... co to moze byc?? pytanie. co to może być, kiedy nie chce odpalić Moze jakiś meczyk w piłke?? co moze byc nie tak problem z pierwszym odpalaniem zanotowane.pl doc.pisz.pl pdf.pisz.pl apv88.opx.pl	chomiki Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:21:54, on 2009-09-16 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20583) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe C:\Program Files\Cyberlink\Shared Files\brs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\WScript.exe C:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\Installer\MSI87.tmp C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe C:\Program Files\Spik\Spik.exe C:\Program Files\Maxthon2\Maxthon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24\RivaTuner.exe" /S O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe" O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Startup: Tibia Client.exe O4 - User Startup: Tibia Client.exe O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.co...oUploader55.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com...ows-i586-jc.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.c...Plus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{2391A5F8-7541-4215-B559-D5ED9B628B10}: NameServer = 213.241.79.37,213.241.79.38,195.114.161.61,195.114.181.130 O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SolidConverterPDFv4ReadSpool (SCPDFV4ReadSpool) - Solid Documents, LLC - C:\WINDOWS\Installer\MSI87.tmp O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 7300 bytes Uruchom HijackThis Do a system scan only w okienku programu pokaże się log zaznacz kratki przy podanych wpisach klikasz Fix checked R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla R3 - Default URLSearchHook is missing O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Startup: Tibia Client.exe O4 - User Startup: Tibia Client.exe Pobierz Combofix ale nie uruchamiaj. Wklej do notatnika: File:: C:\WINDOWS\MS32DLL.dll.vbs Plik zapisz jako CFScript.txt Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe Rozpocznie się usuwanie i powstanie log, który dajesz na forum. ComboFix 09-09-17.04 - Administrator 2009-09-18 18:20.1.2 - NTFSx86 Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe Użyto następujących komend :: c:\documents and settings\Administrator\Pulpit\CFScript.txt . ADS - WINDOWS: deleted 48 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\autorun.inf c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\burnlib.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\dsp_sps.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\enc_aacplus.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\enc_flac.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\enc_lame.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\enc_vorbis.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\enc_wav.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\enc_wma.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\gen_crasher.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\gen_ff.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\gen_hotkeys.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\gen_ml.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\gen_tray.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\in_cdda.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\in_dshow.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\in_flac.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\in_linein.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\in_midi.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\in_mod.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\in_mp3.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\in_mp4.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\in_nsv.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\in_vorbis.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\in_wave.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\in_wm.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\ml_autotag.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\ml_bookmarks.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\ml_dash.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\ml_disc.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\ml_history.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\ml_local.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\ml_nowplaying.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\ml_online.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\ml_orb.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\ml_playlists.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\ml_plg.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\ml_pmp.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\ml_rg.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\ml_transcode.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\ml_wire.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\out_disk.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\out_ds.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\out_wave.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\playlist.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\pmp_activesync.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\pmp_ipod.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\pmp_njb.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\pmp_p4s.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\pmp_usb.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\tagz.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\vis_avs.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\vis_avs_282.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\vis_milk2.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\vis_nsfs.lng c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZB8A4.tmp\winamp.lng c:\documents and settings\Administrator\Dane aplikacji\Microsoft\Clip Organizer\mstore10.mgc c:\documents and settings\Administrator\Dane aplikacji\Microsoft\Clip Organizer\Offic10.MGC c:\documents and settings\Administrator\Moje dokumenty\kmplayer.reg c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\burnlib.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\dsp_sps.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\enc_aacplus.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\enc_flac.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\enc_lame.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\enc_vorbis.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\enc_wav.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\enc_wma.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\gen_crasher.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\gen_ff.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\gen_hotkeys.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\gen_ml.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\gen_tray.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\in_cdda.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\in_dshow.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\in_flac.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\in_linein.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\in_midi.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\in_mod.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\in_mp3.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\in_mp4.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\in_nsv.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\in_vorbis.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\in_wave.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\in_wm.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\ml_autotag.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\ml_bookmarks.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\ml_dash.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\ml_disc.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\ml_history.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\ml_local.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\ml_nowplaying.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\ml_online.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\ml_orb.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\ml_playlists.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\ml_plg.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\ml_pmp.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\ml_rg.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\ml_transcode.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\ml_wire.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\out_disk.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\out_ds.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\out_wave.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\playlist.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\pmp_activesync.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\pmp_ipod.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\pmp_njb.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\pmp_p4s.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\pmp_usb.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\tagz.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\vis_avs.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\vis_avs_282.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\vis_milk2.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\vis_nsfs.lng c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZB8A4.tmp\winamp.lng C:\MS32DLL.dll.vbs c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013 c:\windows\MS32DLL.dll.vbs c:\windows\system32\Data c:\windows\system32\micr0st.dll F:\autorun.inf F:\MS32DLL.dll.vbs G:\Autorun.inf G:\MS32DLL.dll.vbs H:\Autorun.inf H:\MS32DLL.dll.vbs . ((((((((((((((((((((((((( Pliki utworzone od 2009-08-18 do 2009-09-18 ))))))))))))))))))))))))))))))) . 2009-09-15 16:10 . 2009-09-15 16:10 -------- d-----w- c:\program files\AMR to MP3 Converter 2009-08-28 22:55 . 2009-08-28 22:55 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\PowerDVDCox 2009-08-28 22:55 . 2009-08-28 22:55 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\PowerDVDCinema 2009-08-28 22:53 . 2009-08-28 22:53 -------- d-----w- c:\program files\CyberLink . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-18 16:10 . 2008-07-08 08:26 -------- d-----w- c:\program files\Spik 2009-09-18 15:09 . 2008-07-07 12:25 -------- d-----w- c:\program files\PowerArchiver 2009-09-18 13:46 . 2008-07-08 08:47 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\MxBoost 2009-09-17 13:42 . 2008-08-31 17:03 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\BESTplayer 2009-09-13 17:13 . 2009-07-17 12:08 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NOS 2009-08-29 12:54 . 2008-07-08 08:30 -------- d-----w- c:\program files\Maxthon2 2009-08-28 22:47 . 2009-04-15 16:03 29480 ----a-w- c:\windows\system32\msxml3a.dll 2009-08-28 22:47 . 2008-07-07 11:11 353576 ----a-w- c:\windows\system32\msvcr71.dll 2009-08-28 22:47 . 2008-07-07 11:11 505128 ----a-w- c:\windows\system32\msvcp71.dll 2009-08-28 22:17 . 2009-07-21 13:31 -------- d-----w- c:\program files\The KMPlayer 2009-08-19 11:20 . 2009-08-19 11:20 -------- d-----w- c:\program files\MailShare 2009-08-19 11:20 . 2009-08-19 11:20 103424 ----a-w- c:\windows\system32\Http Client_nat.dll 2009-08-14 11:19 . 2008-10-24 13:10 -------- d-----w- c:\program files\SystemRequirementsLab 2009-08-08 22:18 . 2008-07-07 12:01 -------- d-----w- c:\program files\Foxit Software 2009-08-07 23:35 . 2009-08-07 23:19 -------- d-----w- c:\program files\ReadManiac 2009-08-03 12:27 . 2009-08-03 12:27 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\HDRsoft 2009-08-03 12:24 . 2009-08-03 12:24 -------- d-----w- c:\program files\PhotomatixPro3 2009-07-21 13:30 . 2009-02-04 14:16 -------- d-----w- c:\program files\ffdshow 2009-07-21 13:28 . 2009-07-21 13:28 -------- d-----w- c:\program files\AC3Filter 2009-07-21 13:28 . 2009-07-21 13:28 -------- d-----w- c:\program files\Xvid 2009-07-21 13:26 . 2008-07-07 11:46 -------- d-----w- c:\program files\DivX 2009-07-21 13:26 . 2009-07-21 13:26 -------- d-----w- c:\program files\Common Files\DivX Shared 2009-07-21 12:16 . 2008-08-31 09:23 -------- d-----w- c:\program files\KMPlayer 2009-07-21 12:16 . 2008-10-16 18:20 -------- d-----w- c:\program files\Panda Security 2009-07-21 12:14 . 2009-06-23 14:48 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Dev-Cpp 2009-07-17 12:54 . 2004-08-04 00:44 1241896 ----a-w- c:\windows\system32\msxml3.dll 2009-07-17 12:54 . 2001-10-26 19:28 49448 ----a-w- c:\windows\system32\msxml3r.dll 2009-07-16 20:22 . 2009-01-27 16:05 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2009-07-16 20:11 . 2009-07-16 20:11 444952 ----a-w- c:\windows\system32\wrap_oal.dll 2009-07-16 20:11 . 2003-03-28 03:24 109080 ----a-w- c:\windows\system32\OpenAL32.dll . ------- Sigcheck ------- [-] 2007-07-28 . 0FB6743E937C7BB248B2530A5A77ABC6 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys [-] 2007-07-13 . A29DE506E89C131C0AACC86047CB1373 . 3856896 . . [7.00.6000.20591] . . c:\windows\system32\mshtml.dll [-] 2007-07-26 . 316ACC3AC43FC855204CE5E775F66B91 . 2145792 . . [5.1.2600.3093] . . c:\windows\system32\ntoskrnl.exe [-] 2007-07-10 . CE594E18FE0D0AF804F1F3694921CE62 . 642560 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll [-] 2007-07-13 . CE7193C5F7C01B19768E066087C1C919 . 814592 . . [7.00.6000.20583] . . c:\windows\system32\wininet.dll [-] 2007-07-13 . 32F67215C57DF2C401BF93B7EE65987F . 974848 . . [6.00.2900.2649] . . c:\windows\explorer.exe [-] 2007-07-27 . 89878732D5EB0C845AD2356081142F2A . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll c:\windows\system32\wuauclt.exe ... - brak elementu c:\windows\system32\regsvc.dll ... - brak elementu . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . Uwaga puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960] "SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-25 148888] "RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24\RivaTuner.exe" [2009-02-25 2781184] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336] "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472] "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048] "P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-03 64512] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-07-27 124928] c:\documents and settings\All Users\My applications\ Tibia Client.exe [2009-8-3 96269] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2008-7-10 802816] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableStatusMessages"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "NoSMHelp"= 1 (0x1) "NoResolveTrack"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "NoSMHelp"= 1 (0x1) "NoResolveTrack"= 1 (0x1) [HKLM\~\startupfolder\C:^Documents and Settings^All Users^My applications^Tibia Client.exe] path=c:\documents and settings\All Users\My applications\Tibia Client.exe backup=c:\windows\pss\Tibia Client.exeStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "g:\\grid\\GRID.exe"= "c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD Cinema\\PowerDVDCinema.exe"= "c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"= S3 cpuxp;cpuxp;c:\documents and settings\Administrator\cpuxp.sys [x] . . ------- Skan uzupełniający ------- . uStart Page = about:blank IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 TCP: {2391A5F8-7541-4215-B559-D5ED9B628B10} = 213.241.79.37,213.241.79.38,195.114.161.61,195.114.181.130 Handler: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - c:\program files\Spik\url_wpmsg.dll FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\nwv0s9hk.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (pl) FF - prefs.js: browser.startup.homepage - about:blank FF - plugin: c:\program files\Mozilla Firefox\plugins\npwpk.dll FF - plugin: c:\program files\Spik\mozilla\npwpk.dll . - - - - USUNIĘTO PUSTE WPISY - - - - HKCU-Run-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-18 18:29 Windows 5.1.2600 Dodatek Service Pack 2 NTFS skanowanie ukrytych procesów ... c:\documents and settings\All Users\My applications\Tibia Client.exe [1672] 0x88647DA0 skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ********************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCPDFV4ReadSpool] "ImagePath"="c:\windows\Installer\MSI87.tmp" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl" . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(708) c:\windows\system32\cscui.dll - - - - - - - > 'explorer.exe'(4196) c:\windows\system32\SHDOCVW.dll c:\windows\system32\ntshrui.dll c:\program files\Gadu-Gadu\ggwhook.dll c:\windows\system32\msi.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll . Czas ukończenia: 2009-09-18 18:30 ComboFix-quarantined-files.txt 2009-09-18 16:30 Przed: 1 632 038 912 bajtów wolnych Po: 8 246 149 120 bajtów wolnych WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 300 @Blade@: niezły jesteś THX Pobierz te pliki http://rapidshare.com/fil.../pliki.rar.html i wypakuj bezpośrednio na dysk C. Następnie: Pobierz The Avenger zaznacz poniższy tekst: Files to delete: c:\documents and settings\All Users\My applications\Tibia Client.exe c:\windows\pss\Tibia Client.exe Drivers to delete: cpuxp Files to move: c:\wuauclt.exe \| c:\windows\system32\wuauclt.exe c:\regsvc.dll \| c:\windows\system32\regsvc.dll kopiujesz klikasz na Paste Script from Clipboard Execute Potwierdzasz i zgadzasz się na restart klikając OK. Po wykonaniu wklej raport na forum C:\avenger.txt Wklej do notatnika: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTSysVol"=- "SSBkgdUpdate"=- "IndexSearch"=- "SunJavaUpdateSched"=- "QuickTime Task"=- "PDVD9LanguageShortcut"=- "BDRegion"=- "P17Helper"=- "nwiz"=- [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"=- [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^My applications^Tibia Client.exe] Plik Zapisz jako Ustaw rozszerzenie z TXT na Wszystkie pliki zapisz pod nazwą FIX.REG uruchom utworzony plik i potwierdź Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP *************** Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger *************** Beginning to process script file: Rootkit scan active. No rootkits found! File "c:\documents and settings\All Users\My applications\Tibia Client.exe" deleted successfully. Error: file "c:\windows\pss\Tibia Client.exe" not found! Deletion of file "c:\windows\pss\Tibia Client.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) the object does not exist Driver "cpuxp" deleted successfully. File move operation "c:\wuauclt.exe\|c:\windows\system32\wuauclt.exe" completed successfully. File move operation "c:\regsvc.dll\|c:\windows\system32\regsvc.dll" completed successfully. Completed script processing. ***************** Finished! Terminate. Coś jeszcze?? Jeszcze tylko kroki końcowe Pobierz OTC uruchom i kliknij CleanUp Przeczyść dysk oraz rejestr CCleaner Wyłącz i włącz przywracanie systemu na wszystkich dyskach Instrukcja Wykonaj pełne skanowanie Dr.Web CureIt - jeśli coś znajdzie wylecz/usuń i daj raport (Plik Zapisz Listę Raportu) ComboFix.exe\32788R22FWJFW\c.bat H:\Instalki\ComboFix.exe Prawdopodobnie BATCH.Virus ComboFix.exe H:\Instalki Archiwum zawierające zainfekowane obiekty Artur.exe H:\Klaudia\Zdjęcia\Artur Win32.HLLM.Xgray Usunięty. Studniówka 18.01.08.exe H:\Klaudia\Zdjęcia\Artur\Studniówka 18.01.08 Win32.HLLM.Xgray Usunięty. Oryginalne zdjęcia.exe H:\Klaudia\Zdjęcia\Artur\Studniówka 18.01.08\Oryginalne zdjęcia Win32.HLLM.Xgray Usunięty. Warszawa 8-10.02.08.exe H:\Klaudia\Zdjęcia\Artur\Warszawa 8-10.02.08 Win32.HLLM.Xgray Usunięty. autorun.inf H:\MP33 VBS.Generic.544 Usunięty. A0000015.exe H:\System Volume Information\_restore{2E96116C-D7E0-42EA-9FE0-3E8D7042152F}\RP1 Win32.HLLM.Xgray Usunięty. A0000016.exe H:\System Volume Information\_restore{2E96116C-D7E0-42EA-9FE0-3E8D7042152F}\RP1 Win32.HLLM.Xgray Usunięty. A0000017.exe H:\System Volume Information\_restore{2E96116C-D7E0-42EA-9FE0-3E8D7042152F}\RP1 Win32.HLLM.Xgray Usunięty. A0000018.exe H:\System Volume Information\_restore{2E96116C-D7E0-42EA-9FE0-3E8D7042152F}\RP1 Win32.HLLM.Xgray Usunięty. A0000019.inf H:\System Volume Information\_restore{2E96116C-D7E0-42EA-9FE0-3E8D7042152F}\RP1 VBS.Generic.544 Usunięty. Powinno być już ok Dzieki jesszcze raz, leci pomógł zanotowane.pl doc.pisz.pl pdf.pisz.pl mandragora32.opx.pl ďťż

Wszelkie Prawa ZastrzeĹźone! chomiki Design by SZABLONY.maniak.pl.

Darmowy hosting zapewnia PRV.PL

chomiki